General

Target: Pass_1234_Setup.rar
Size: 5.4MB
Sample: 220930-q699jsefbr
MD5: 467438920b89982a2569cd594bce7449
SHA1: 451948a5e0df6a1994d3cf177f962ab676ceee16
SHA256: 6b3fe2adc134620108008daf5e8bc2046d10834b5f5fbcb421ff3bde4497005f
SHA512: 42cb8c680b54aca1ca791eb97cf1b6d8ac2b087fad52c9f7a325208b7eddfaf12c3eafbf612f01a45e2c4bb246db8aace210ef927ecaafaa018ad9f8ff3c9def
SSDEEP: 98304:u9k5iVMXNuvH13VXElgRXRs4337lusWqCx4nkJujNlYMea9Z8hYMl4v0gQmPanSX:u+mMIvValgRi43rkl1xSkJWP9wYU4tQq
Static task: static1
Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20220901-en
Malware Config

Extracted: vidar
54.7
1281
https://t.me/blablblsdfd
profile_id: 1281
Targets

Target: Setup.exe
Size: 381.5MB
MD5: 488b292807addf2625f9b9cebcfe7f4c
SHA1: 0d29e972b9ca08aaf4daabbfbb092fd18e8ad2bd
SHA256: e6e47ffae0c93126ecdd06eec051852a84dc8b8a26c53a8446ddf4a49285050f
SHA512: 2bdde3a1a83bb25e13be2677e85edd33f4791eff3f9765896f844a3f20b22f9bdae04e400ed7ba8aff22827ee58508662511474df7976bfd523c1bf4ae23c316
SSDEEP: 98304:dnOilxNDiSZcet7iLVI7Vc6WmP+1Eq03ZTHVtUBYGl/Oh9z:R7iwVnaEquZTHVaB7g3

Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Deletes itself
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.